Topic: 2FA confusion (Read 316 times)

Electrum is an open source project which can ensure its continuity, it is the most recommended light client wallet on this forum, Electrum incompatible seed phrase on BIP39 wallet is as a result of version number included to generate keys and addresses which also check seed integrity as Electrum seed phrase must produce a valid version number. It is the best in my opinion.

I have imported seed phrase generated on Electrum wallet on Bluewallet countless number of times and it was successful, but just for experiment purpose, I have not seen a need or a valid reason I should import Electrum seed phrase on any other wallet. Although, Bluewallet is also a good open source wallet.

If you still want BIP39 seed phrase to be used by Electrum, Electrum wallet still support the importation of seed phrase generated from BIP39 wallets. You can generate a BIP39 seed, import it on Electrum, check the BIP39 option on Electrum and choose the derivation path of your choice as seen below.

Legacy (p2pkh) for bitcoin addresses that starts from 1
p2sh-segwit (p2wpkh-p2sh) for bitcoin addresses that starts from from 3
Native segwit (p2wpkh) for bitcoin addresses that starts from  bc1

But I will recommend you to use a reputed and open source BIP39 wallet like Bluewallet, Mycelium or html file of Incoleman BIP39 tool for the seed phrase generation unlike using a close source wallet like Trsutwallet which are not advisable at all.

The seed phrase generated by electrum for a standard wallet can be imported into bluewallet.
The seed phrase generated by electrum for a 2FA wallet can't be imported into any other wallet.

You are right but I only pointed out that the seed phrase generated by Electrum can be imported in other wallet provider which is compatible with Electrum's used algorithm for generating seed phrase in Electrum (I don't know any site that is compatible with Electrum's seed phrase when you import a wallet). It is true that Trustwallet use BIP39 and Electrum use it's own algorithm where seed phrase generated in Electrum can't be imported in Trustwallet. Sorry for using Electrum and Trustwallet as an example which I realized that other people won't get what I wanted to say or explain. Thanks for pointing out.

You can't do that.
The seed phrase electrum generates for a 2FA wallet is different from common seed phrases. It's a backup for two master private keys and works in a different way.

Note that even a seed phrase generated by electrum for a standard wallet can't be imported into trustwallet.
Trustwallet uses BIP39 standard while electrum uses its own algorithm for generating a seed phrase.

Having 2FA on the wallet provider you use for example Electrum then your wallet have extra or additional security or protection but you can still import it in other wallet provider like TrustWallet using the Seed phrase and you don't need the 2FA OTP even if you set up a 2FA in Electrum. Anyway, those wallet provider I used is for example only. There was a Site I visited before which is an exchange site (non-custodial) and as expected, I wasn't able to write or copy seed phrase or private key from the site to keep my wallet safe. My account there is safe since I need to provide 2FA OTP before I can access my account and do transactions but 2FA can be hacked. Many non-custodial wallet doesn't have 2FA but some are possible to add Passcode but that is only for from that site or wallet app like TrustWallet.

Your explanation is inaccurate.

2FA provides protection through co-signing outgoing transactions. It protects your Bitcoin in case your compute is compromised but hackers have yet gotten full access to your seed because with seed, they will be able to import it and change from 2FA wallet to normal (non-2FA) wallet and will able to sign outgoing transaction without co-sign from remote server by Trusted Coin.

• Trustedcoin's FAQ on Electrum 2FA wallet
• Electrum wallet - 2 factor authentication

It is not necessary to have 2fa on noncustodial wallet but it can be helpful and give some level of protection, if you have your seed phrase protected, your coins are safe, that is true. But online wallets save the seed phrase on wallet and can be seen through malware, some people can be careless, install malware in a way the malware can steal the seed phrase on their web, mobile or desktop wallet. If 2FA is used like on electrum, the seed phrase can not be found which is still another protection.

The 2FA code is generated using a known algorithm. It's not that you always rely on google for getting 2FA code. You can get the correct code, even if you are not connected to the internet.
You can also use other 2FA applications like Aegis and get the same code.

We don't have 2FA on non-custodial wallets, because these kind of wallets contain your private keys and your private key is all you need to make a transaction. This makes 2FA useless. Anyone who has access to your private key can have access to your fund and make transaction without your permission. In other words, 2FA can't protect your private key.

Google Authentication 2FA belongs to Google, thats a good example of a centralized entity mate, I guess that's why we don't see much 2FA on many crypto wallets this days, I do wish we can use 2FA on trust wallet, its way secured than using fingerprint locks and pin lock.

2FA do not belong to a centralized project, you can use a hardware authenticator or use an app like Aegis which is open source, a wallet can be centralized like Coinbase.com or exchange like Binance, but 2FA should not be referred to as centralized because it is used to protect accounts on a centralized wallet, it can also be used on a noncustodial wallet also for protection, but mostly all noncustodial wallet see it not necessary.

If you can read what others have post on this thread, you can noticed that electrum can use 2FA, but this is optional, the fee can not make me use it, but it can further protect you from hackers. Electrum is an open source wallet and one of the best know bitcoin open source wallet.

Forget about 2FA as this belongs to centralized projects anyway, you can only see 2FA on wallets like coinbase wallet and xapo wallet where private keys and recovery seed are kept by the dev not by the users, a good open source wallet will never have 2FA security.

Yes, Anyone who has access to your seed phrase can spend your bitcoin without your permission and without any need to the 2FA code. As mentioned by nc50lc, that's why you should create the seed phrase on an airgapped device.
As you need to be online for registering on trustedoin, you should be careful that your seed phrase always stays offline. Otherwise, you almost defeat the purpose of the 2FA wallet.

For creating a secure 2FA wallet in electrum
1. Create the wallet on an air-gapped device.
2. Move the wallet file to an online computer.
3. Open the wallet file and Register on trustedcoin.

It does but as the name says it's 2fa - two factor authentication, if someone were to get into your wallet they won't be able to transact unless they have 2fa code. Of course having seed neutralises it and that's why it's supposed to be kept private, 2fa serves different purpose.

Using 2FA Authentication on your crypto wallet is like inviting centralized security into your decentralized wallet, I definitely do not like this idea and I guess thats why many crypto wallets don't have 2FA on them, any wallet that has 2FA security should be ignored.

Mnemonic seed is vital to protect your coin, not 2FA. With seed, you can recover your wallet on other devices even with other wallets as long as they are compatible with the original wallet you use.

2FA on Electrum wallet, for example has a minus point that you will have to pay addition fee for each of your transactions to TrustedCoin which is unnecessary in my opinion.

Is this about Electrum's 2FA?
Because I can't find any topic about 2fa wallet with a seed phrase in your post history and you didn't tell from which 2fa wallet is this about.

If it's Electrum: the 2fa is there to protect the "wallet file", which is in a PC/Phone, which is an online vulnerable environment.
The wallet file doesn't contain the seed phrase or your second master prvKey so it's useless on its own without the 2fa authenticator if accessed by hackers with the correct password.
In this case, a non-2fa electrum wallet would have been hacked already.

The seed on the other hand is air-gap, in a safe offline environment, so the only way to compromise it is to have physical access to it.

It depends on the type of wallet.

Web wallets that are custodial can provide you with a 2FA option to secure your account, but not the seeds to your account.

Most noncustodial wallet do not offer 2FA to secure the account. I think it's only electrum that I remember that has the 2FA option, but if someone accesses your seeds, they can still spend your bitcoins.

No

I do not really understand what you meant by this, but to avoid misunderstanding and confusion, seed phrase are coin recovery words which generate keys. Seed phrase is not the keys, but it generate the keys while the keys generate the addresses.

2FA are commonly used for custodial wallets and exchanges but it can also be used for noncustododial wallet like the 2FA required by TrustedCoin to sign transaction from 2FA Electrum wallet which is 2-of-3 multisig in which 2 keys are required for signing transaction, 1 key for transaction will be provided by TrsutedCoin and the other key from the wallet the transaction are made from.

It is even not to be compared than just indicating the difference because both are entirely different. Seed phrase generates and regenerates (recovery) keys and addresses and used in wallet recovery while 2FA are just addition layer of security.

Well basically Recovery Seed is your key, a fail safe system indeed as said by Upgrade00. And 2FA is just another set of security which doesn't really rely on your seed phrase.

To understand it more, here's a basic interpretation:

• 2FAs are only used for another set of security upon account LOGINs. You can use tons of external applications to use as your 2FA but having it WOULD NOT recover your account.
• RECOVERY SEEDs, on the other hand, is used as a security upon IMPORTING or RECOVERING your account. There's no application that could breach your Recovery Seed (unless you've stored it electronically and without better security)

Hence, they both have their different use. Recovery seed doesn't neutralizing 2FA, but rather making it safer for your account that the 2FA cannot provide.

Yes, recovery (backup) seed phrase is the alpha and omega of every crypto wallet. It is the genesis point where all other private/public key pairs originated. 2FA is just an additional layer of protection on top of that.

Check this thread that was created today: 2FA on crypto wallet exists?

It essentially does. Seedphrase serves as a fail safe system which you can use to recover your address should you lose other modes of access. Reason why it would be kept secure and possibly duplicated in different locations.

2FA serves more as a means to prevent breaches through your device and is not much recommended cause it involves a bit of centralization

Yes, you can always recover a 2FA wallet using your seed only. See here:


2FA wallets are not really worth it anyway, especially if you're planning to spend on a regular basis.

There is one thing I'm trying to catch here, isn't having access to recovery seed neutralised the power of 2FA Authentication? Or this 2FA auth is already imprinted into the recovery seed as well?.